Privacy Policy

Updated November 10th, 2023 at 7:44 PM (Mountain Time)

This document applies to,,,, and any other subdomains.

You may see websites such as "Scratch", "TurboWarp", and "Scratch Auth" referenced in multiple places.

A "Service Administrator", "Admin", "Moderator", "Mod" or "Administrator" is a person who can either directly access the server files for PenguinMod, or a person who can contact the server host that is able to access the server files and server process. "Host" may also refer to the server host of PenguinMod's project sharing.

A "Project Moderator" is a person who has the ability to remove projects or content from those projects, and reply or send messages to users who had moderation actions happen towards their project or account.

These people can contact Administrators aswell, and may have extra permissions such as banning users.


We may log anonymous aggregated data such as how many people use the site, how often a feature is used, what operating system and browser is used, and diagnostic information such as cache hit ratios.

When using the website, your IP may be logged temporarily, but never permanently, (deleted after a server restart or update). This is to help us identify users who may be spamming or attacking the site. Your IP is only saved if you are blocked from the project servers.
Your IP may also be logged temporarily when viewing a project, along with information about the project you viewed.


When advertisements are served on any PenguinMod page, third parties may be placing and reading cookies on your browser, or using web beacons to collect information. PenguinMod itself does not do this, and you may be able to find more information here:

Project Sharing & Accounts

Accounts are logged into using Scratch Auth, which requires you to have a Scratch account.

When you use Scratch Auth, it can access:

Accounts do not actually exist on PenguinMod, but instead PenguinMod stores data that is attached to a certain username. When you "log-in" to an account, you are actually only gaining access to perform actions to data that is attached to a certain username, or create data to be attached to your username.

When using our Project Sharing:

Uploaded projects will be publicly visible to all users on the website. Any user may report a project or report another user to Project Moderators if they believe the Uploading Guidelines have been violated.

Project Information available to users, Project Moderators and Service Administrators include:

Information available only to Project Moderators and Service Administrators include: Information available only to Service Administrators include:

Your IP will temporarily be saved in the server when you view a project. This is used to make sure you are not the same user reloading the page to gain multiple views.

Account Usernames are saved in the server when that user liked, favorited or "voted to feature" a project.

Account Usernames and project info will also be logged when a project is liked, favorited or voted for. This is for debugging purposes for the developers.

Other services

When using cloud variables, the project ID and your username may be logged for up to 14 days.

Your randomly generated or chosen username is stored in your browser's local storage. To mitigate the potential to track users with this feature, all randomly generated usernames are anonymized before the server receives them. However, usernames explicitly set by a user may be logged to help prevent abuse.

Built-in Scratch extensions that require Wi-Fi (such as Translate, Text to Speech, LEGO, micro:bit, etc.) may connect to the Scratch API to implement these features. Refer to the Scratch privacy policy for more information. The Translate extension may instead make requests to a TurboWarp API, which may then forward your request to the Scratch API and log the message being translated and the result for caching and performance.

In rare circumstances, connections that are appear to be spam may have their IP logged for up to 24 hours. This happens very infrequently and only in cases of extreme abuse.

Built-in PenguinMod and Custom extensions that require Wi-Fi or use Wi-Fi to get online data (HTTP, Website Requests, Extended Audio, CloudLink, HTML iframes, Storage, etc.) may connect to any user-specified API, which will grant the owner of the website being connected to:

This document does not apply to third-parties, including other users or bots connected to cloud variables, links to external websites, custom extensions, or some advanced URL parameters.

Editor extensions

Core - HTML iframes (referred to as "iframes" here)

"iframes" may connect to user-specified websites. These websites may be allowed to access:

The websites specified may also display any content, however PenguinMod will attempt to automatically scan the website for any potential viruses or vulnerabilities. Major adult websites are also blocked, and most others are blocked aswell.
PenguinMod does not allow projects uploaded to only display content from other websites. Uploaded projects must contain content of their own, and certain websites may cause the uploaded project to be deleted or rejected.

Core - Scratch Authentication (referred to as "Scratch Auth Extension" here)

The "Scratch Auth Extension" will connect to Scratch Auth for Log-In. Scratch Auth can access:

The "Scratch Auth Extension" also allows your public Scratch account information to be accessible to the PenguinMod project, however other tools, extensions or APIs are required to get information past your Scratch username.

User-submitted (G1nX) - Better Storage

Better Storage will connect to Scratch Auth for Log-In. Scratch Auth can access:

Better Storage can also access any info that Scratch Auth can. The owner of Better Storage may also view any saved data using their keys for security and safety.


Email us at [email protected]

Join our Discord Server